Redhat – Jupiter Broadcasting https://www.jupiterbroadcasting.com Open Source Entertainment, on Demand. Mon, 11 Apr 2022 05:37:41 +0000

Raleigh Action Show | LINUX Unplugged 453 https://original.jupiterbroadcasting.net/148182/raleigh-action-show-linux-unplugged-453/ Sun, 10 Apr 2022 19:15:00 +0000 https://original.jupiterbroadcasting.net/?p=148182 Show Notes: linuxunplugged.com/453

The post Raleigh Action Show | LINUX Unplugged 453 first appeared on Jupiter Broadcasting.

Dad’s Deployments | LINUX Unplugged 392 https://original.jupiterbroadcasting.net/144187/dads-deployments-linux-unplugged-392/ Tue, 09 Feb 2021 18:30:00 +0000 https://original.jupiterbroadcasting.net/?p=144187 Show Notes: linuxunplugged.com/392

The post Dad's Deployments | LINUX Unplugged 392 first appeared on Jupiter Broadcasting.

Wishing Upon a Kernel | LINUX Unplugged 282 https://original.jupiterbroadcasting.net/128646/wishing-upon-a-kernel-linux-unplugged-282/ Wed, 02 Jan 2019 20:00:38 +0000 https://original.jupiterbroadcasting.net/?p=128646 Show Notes/Links: linuxunplugged.com/282

The post Wishing Upon a Kernel | LINUX Unplugged 282 first appeared on Jupiter Broadcasting.

Firefox Made This More Secure | Ask Noah 81 https://original.jupiterbroadcasting.net/126711/firefox-made-this-more-secure-ask-noah-81/ Wed, 15 Aug 2018 07:51:29 +0000 https://original.jupiterbroadcasting.net/?p=126711 Show Notes: podcast.asknoahshow.com/81

The post Firefox Made This More Secure | Ask Noah 81 first appeared on Jupiter Broadcasting.

The Big Bezos | CR 320 https://original.jupiterbroadcasting.net/126501/the-big-bezos-cr-320/ Thu, 02 Aug 2018 08:59:35 +0000 https://original.jupiterbroadcasting.net/?p=126501 Show Notes: coder.show/320

The post The Big Bezos | CR 320 first appeared on Jupiter Broadcasting.

Podcasting 101 (Special Edition) | Ask Noah Show 59 https://original.jupiterbroadcasting.net/124182/podcasting-101-special-edition-ask-noah-show-59/ Wed, 18 Apr 2018 08:16:59 +0000 https://original.jupiterbroadcasting.net/?p=124182 Show Notes: podcast.asknoahshow.com/59

The post Podcasting 101 (Special Edition) | Ask Noah Show 59 first appeared on Jupiter Broadcasting.

Has Apple Given Up on The Macbook? | Ask Noah Show 58 https://original.jupiterbroadcasting.net/124017/has-apple-given-up-on-the-macbook-ask-noah-show-58/ Wed, 11 Apr 2018 07:44:42 +0000 https://original.jupiterbroadcasting.net/?p=124017 Show Notes: podcast.asknoahshow.com/58

The post Has Apple Given Up on The Macbook? | Ask Noah Show 58 first appeared on Jupiter Broadcasting.

What’s Coming Next | Ask Noah Show 57 https://original.jupiterbroadcasting.net/123842/whats-coming-next-ask-noah-show-57/ Wed, 04 Apr 2018 09:06:06 +0000 https://original.jupiterbroadcasting.net/?p=123842 Show Notes: podcast.asknoahshow.com/57

The post What's Coming Next | Ask Noah Show 57 first appeared on Jupiter Broadcasting.

Getting Started with Chef | Ask Noah 55 https://original.jupiterbroadcasting.net/123422/getting-started-with-chef-ask-noah-55/ Tue, 20 Mar 2018 20:42:06 +0000 https://original.jupiterbroadcasting.net/?p=123422 RSS Feeds: MP3 Feed | HD Video Feed | iTunes Feed Become a supporter on Patreon: — Show Notes: — — The Cliff Notes — Open Source Version of WebOS WebOS OSE Private Internet Access goes Open Source PIA Tested in FBI Case First Fatal Crash with Uber Self Driving Car Microsoft joins group working […]

The post Getting Started with Chef | Ask Noah 55 first appeared on Jupiter Broadcasting.


— Stay In Touch —

Find all the resources for this show on the Ask Noah Dashboard

Ask Noah Dashboard

Need more help than a radio show can offer? Altispeed provides commercial IT services and they’re excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!

Altispeed Technologies

Contact Noah

asknoah [at] jupiterbroadcasting.com

Doin’ Lines of WiFi | Ask Noah 30 https://original.jupiterbroadcasting.net/119126/doin-lines-of-wifi-ask-noah-30/ Mon, 16 Oct 2017 19:16:49 +0000 https://original.jupiterbroadcasting.net/?p=119126 RSS Feeds: MP3 Feed | HD Video Feed | iTunes Feed Become a supporter on Patreon: — Show Notes: — — The Cliff Notes — RedHat, 5 Billion Goal Krack Attack High DPI in Linux Vox Tel Sys — Stay In Touch — Find all the resources for this show on the Ask Noah Dashboard […]

The post Doin' Lines of WiFi | Ask Noah 30 first appeared on Jupiter Broadcasting.

Interview with Bob Carver | Ask Noah 25 https://original.jupiterbroadcasting.net/118171/interview-with-bob-carver-ask-noah-25/ Mon, 11 Sep 2017 20:39:36 +0000 https://original.jupiterbroadcasting.net/?p=118171 RSS Feeds: MP3 Feed | HD Video Feed | iTunes Feed Become a supporter on Patreon: — Show Notes: — — The Cliff Notes — The Carver Challenge | Stereophile.com Windows Virtio Drivers – FedoraProject Spice Space Understanding Guest Agents and Other Tools — oVirt oVirt-toolsSetup — Stay In Touch — Find all the resources […]

The post Interview with Bob Carver | Ask Noah 25 first appeared on Jupiter Broadcasting.

BTRFS is Toast | TechSNAP 331 https://original.jupiterbroadcasting.net/117276/btrfs-is-toast-techsnap-331/ Tue, 08 Aug 2017 22:38:35 +0000 https://original.jupiterbroadcasting.net/?p=117276 RSS Feeds: HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Responsible Disclosure Is Hard When a responsible person discovers a security issue, disclosing it properly is difficult Uses Tesla’s policy as a good example of how companies should do this “This is not […]

The post BTRFS is Toast | TechSNAP 331 first appeared on Jupiter Broadcasting.


Show Notes:

Responsible Disclosure Is Hard

  • When a responsible person discovers a security issue, disclosing it properly is difficult

  • Uses Tesla’s policy as a good example of how companies should do this

  • “This is not hard stuff and it basically amounts to text on a page. Consider whether your own organisation has something to this effect and is actually ready to handle disclosure by those who attempt to do so ethically. Listen to these people and be thankful they exist; there’s a whole bunch of others out there who are far less charitable and by the time you hear from those guys, it’s already too late.”

RedHat deprecates Btrfs

  • The Btrfs file system has been in Technology Preview state since the initial release of Red Hat Enterprise Linux 6. Red Hat will not be moving Btrfs to a fully supported feature and it will be removed in a future major release of Red Hat Enterprise Linux.

  • The Btrfs file system did receive numerous updates from the upstream in Red Hat Enterprise Linux 7.4 and will remain available in the Red Hat Enterprise Linux 7 series. However, this is the last planned update to this feature.

320 Million Freely Downloadable Pwned Password hashes


Feedback


Round Up:

Kickin’ Harder Than a Sensei | Ask Noah 20 https://original.jupiterbroadcasting.net/117231/kickin-harder-than-a-sensei-ask-noah-20/ Mon, 07 Aug 2017 21:16:18 +0000 https://original.jupiterbroadcasting.net/?p=117231 RSS Feeds: MP3 Feed | HD Video Feed | iTunes Feed Become a supporter on Patreon: — Show Notes: — — The Cliff Notes — LineageOS – LineageOS Android Distribution F-Droid – Free and Open Source Android App Repository yeriomin/YalpStore: Download apks from Google Play Store — Stay In Touch — Find all the resources […]

The post Kickin' Harder Than a Sensei | Ask Noah 20 first appeared on Jupiter Broadcasting.

Switching London to Linux | Ask Noah 18 https://original.jupiterbroadcasting.net/116871/switching-london-to-linux-ask-noah-18/ Mon, 24 Jul 2017 18:07:06 +0000 https://original.jupiterbroadcasting.net/?p=116871 RSS Feeds: MP3 Feed | HD Video Feed | iTunes Feed Become a supporter on Patreon: — Show Notes: — — The Cliff Notes — How to automate your system administration tasks with Ansible | Opensource.com Netflix Throttle Megathread : verizon Why do enterprise environments typically choose to deploy Red Hat or CentOS instead of […]

The post Switching London to Linux | Ask Noah 18 first appeared on Jupiter Broadcasting.

Tails of Privacy | Ask Noah 13 https://original.jupiterbroadcasting.net/115891/tails-of-privacy-ask-noah-13/ Mon, 19 Jun 2017 21:43:24 +0000 https://original.jupiterbroadcasting.net/?p=115891 RSS Feeds: MP3 Feed | HD Video Feed | iTunes Feed Become a supporter on Patreon: — Show Notes: — — The Cliff Notes — Tails 3.0 Security Distro Tails 3.0 is out Tails Version 3.0 Features Steam is Now on Flatpak Telegram Approached by US Intelligence — Noobs Corner — Check out the Ask […]

The post Tails of Privacy | Ask Noah 13 first appeared on Jupiter Broadcasting.

Live from SELF | Ask Noah 11 https://original.jupiterbroadcasting.net/115611/live-from-self-ask-noah-11/ Sat, 10 Jun 2017 22:15:59 +0000 https://original.jupiterbroadcasting.net/?p=115611 RSS Feeds: MP3 Feed | HD Video Feed | iTunes Feed Become a supporter on Patreon: — Show Notes: — — The Cliff Notes — Linux Active Directory Systems Mooltipass — Noobs Corner — Check out the Ask Noah Dashboard — Stay In Touch — Find all the resources for this show on the Ask […]

The post Live from SELF | Ask Noah 11 first appeared on Jupiter Broadcasting.

Security Enhanced Linux | Ask Noah 9 https://original.jupiterbroadcasting.net/115151/security-enhanced-linux-ask-noah-9/ Mon, 29 May 2017 21:04:33 +0000 https://original.jupiterbroadcasting.net/?p=115151 RSS Feeds: MP3 Feed | HD Video Feed | iTunes Feed Become a supporter on Patreon: — Show Notes: — — The Cliff Notes — Enhance Your Security with Linux SE Linux Context Changes SE Linux on Arch Cockpit Server Management Raspberry Pi Thin Client ThinLinx Manual Ebay Flash Drives Basic SELinux Commands getenforce setenforce 0 […]

The post Security Enhanced Linux | Ask Noah 9 first appeared on Jupiter Broadcasting.


Enhance Your Security with Linux

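getenforce      # print the current SELinux mode (Enforcing, Permissive or Disabled)
setenforce 0    # switch to permissive mode until the next reboot
setenforce 1    # switch back to enforcing mode
ls -Z           # list files with their SELinux security context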

— Noobs Corner —

Check out the Ask Noah Dashboard

The first 5 people to ask will receive help setting up Seafile 6 on CentOS 7 with a self-signed SSL.

Shift+F10 and Done | TechSNAP 295 https://original.jupiterbroadcasting.net/105166/shiftf10-and-done-techsnap-295/ Thu, 01 Dec 2016 19:42:13 +0000 https://original.jupiterbroadcasting.net/?p=105166 RSS Feeds: HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed Become a supporter on Patreon: Show Notes: Researcher accidentally roots Microsoft Azure’s Red Hat Update Infrastructure servers “I was tasked with creating a machine image of Red Hat Enterprise Linux that was compliant […]

The post Shift+F10 and Done | TechSNAP 295 first appeared on Jupiter Broadcasting.


Show Notes:

Researcher accidentally roots Microsoft Azure’s Red Hat Update Infrastructure servers

  • “I was tasked with creating a machine image of Red Hat Enterprise Linux that was compliant to the Security Technical Implementation guide defined by the Department of Defense.”
  • “This machine image was to be used for both Amazon Web Services and Microsoft Azure. Both of which offer marketplace images which had a metered billing pricing model. Ideally, I wanted my custom image to be billed under the same mechanism, as such the virtual machines would be able to consume software updates from a local Red Hat Enterprise Linux repository owned and managed by the cloud provider.”
  • “Both Amazon Web Services and Microsoft Azure utilise a deployment of Red Hat Update Infrastructure for supplying this functionality.”
  • “There is only one Red Hat Update Appliance per Red Hat Update Infrastructure installation, however, both Amazon Web Services and Microsoft Azure create one per region.”
  • “Both Amazon Web Services and Microsoft Azure use SSL certificates for authentication against the repositories. However, these are the same SSL certificates for every instance.”
  • “On Amazon Web Services having the SSL certificates is not enough, you must have booted your instance from an AMI that had an associated billing code. It is this billing code that ensures you pay the extra premium for running Red Hat Enterprise Linux.”
  • “On Azure it remains undefined how they manage to track billing. At the time of research, it was possible to copy the SSL certificates from one instance to another and successfully authenticate. Additionally, if you duplicated a Red Hat Enterprise Linux virtual hard disk and created a new instance from it all billing association seemed to be lost but repository access was still available.”
  • “On Azure to setup repository connectivity, they provide an RPM with the necessary configuration. The installation script it references comes from the following archive. If you expand this archive you will find the client configuration for each region.”
  • The post goes over how the hostnames for all of the Update Appliances were discovered
  • “The build host is interesting rhui-monitor.cloudapp.net, at the time of research running a port scan revealed an application running on port 8080.”
  • “Despite the application requiring username and password based authentication, It was possible to execute a run of their “backend log collector” on a specified content delivery server. When the collector service completed the application supplied URLs to archives which contain multiple logs and configuration files from the servers.”
  • “Included within these archives was an SSL certificate that would grant full administrative access to the Red Hat Update Appliances”
  • So now the researcher could access each Update Appliance with full administrative access and create new packages, or newer versions of common packages, that include a backdoor. Every Red Hat VM on the entire cloud provider would then install this “important security update”, giving the attacker full access to every machine.
  • “Given no gpgcheck is enabled, with full administrative access to the Red Hat Enterprise Linux Appliance REST API one could have uploaded packages that would be acquired by client virtual machines on their next yum update.”
  • Even if gpgcheck was enabled, it is likely that the GPG key would be exposed to the administrator of the update appliance
  • “The issue was reported in accordance to the Microsoft Online Services Bug Bounty terms. Microsoft agreed it was a vulnerability in their systems. Immediate action was taken to prevent public access to rhui-monitor.cloudapp.net. Additionally, they eventually prevented public access to the Red Hat Update Appliances and they claim to have rotated all secrets.”

Newly discovered router flaw being hammered by in-the-wild attacks

  • “Online criminals—at least some of them wielding the notorious Mirai malware that transforms Internet-of-things devices into powerful denial-of-service cannons—have begun exploiting a critical flaw that may be present in millions of home routers.”
  • “Routers provided to German and Irish ISP customers for Deutsche Telekom and Eircom, respectively, have already been identified as being vulnerable, according to recently published reports from researchers tracking the attacks. The attacks exploit weaknesses found in routers made by Zyxel, Speedport, and possibly other manufacturers. The devices leave Internet port 7547 open to outside connections. The exploits use the opening to send commands based on the TR-069 and related TR-064 protocols, which ISPs use to remotely manage large fleets of hardware. According to this advisory published Monday morning by the SANS Internet Storm Center, honeypot servers posing as vulnerable routers are receiving exploits every five to 10 minutes.”
  • “SANS Dean of Research Johannes Ullrich said in Monday’s post that exploits are almost certainly the cause behind an outage that hit Deutsche Telekom customers over the weekend. In a Facebook update, officials with the German ISP said 900,000 customers are vulnerable to the attacks until they are rebooted and receive an emergency patch. Earlier this month, researchers at security firm BadCyber reported that the same one-two port 7547/TR-064 exploit hit the home router of a reader in Poland.”
  • “The Shodan search engine shows that 41 million devices leave port 7547 open, while about five million expose TR-064 services to the outside world.”
  • “The attacks started shortly after researchers published attack code that exploited the exposed TR-064 service. Included as a module for the Metasploit exploitation framework, the attack code opens the port 80 Web interface that enables remote administration. From there, devices that use default or otherwise weak authentication passwords can be remotely commandeered and made to join botnets that carry out Internet-crippling denial-of-service attacks.”
  • Exploit Code
  • “To infect as many routers as possible, the exploits deliver three separate exploit files, two tailored to devices running different types of MIPS chips and a third that targets routers with ARM silicon. Just like the Metasploit code, the malicious payloads use the exploit to open the remote administration interface and then attempt to log in using three different default passwords. The attack then closes port 7547 to prevent other criminal enterprises from taking control of the devices”
  • “The malware itself is really friendly as it closes the vulnerability once the router is infected. It performs the following commands:”
    • busybox iptables -A INPUT -p tcp --destination-port 7547 -j DROP
    • busybox killall -9 telnetd
  • “which should make the device “secure”… until next reboot. The first one closes port 7547 and the second one kills the telnet service, making it really hard for the ISP to update the device remotely.”
  • So while exploited routers will stop being vulnerable to other attackers, they will be harder for the ISP to fix properly
  • ISPs could help protect their customers, and their own command-and-control of customers’ routers, by blocking inbound port 7547 from outside of their network

Hack Windows 10 by holding down Shift+F10

  • “Every Windows 10 in-place Upgrade is a SEVERE Security risk”
  • During the update process, when the computer boots into the updater, holding Shift+F10 will pop a command prompt running as SYSTEM, the highest privilege level possible on Windows.
  • What makes this worse is that this happens after the volume encryption keys have been loaded, so even BitLocker-encrypted disks are vulnerable to access by unauthorized people.
  • “This is a big issue and it has been there for a long time. Just a month ago I finally got verification that the Microsoft Product Groups not only know about this but that they have begun working on a fix. As I want to be known as a white hat I had to wait for this to happen before I blog this.”
  • “There is a small but CRAZY bug in the way the “Feature Update” (previously known as “Upgrade”) is installed. The installation of a new build is done by reimaging the machine and the image installed by a small version of Windows called Windows PE (Preinstallation Environment). This has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt. This sadly allows for access to the hard disk as during the upgrade Microsoft disables BitLocker. I demonstrate this in the following video.”
  • “The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft’s hard disk encryption) protected machine. And of course that this doesn’t require any external hardware or additional software.”
  • Additional Coverage: BleepingComputer
  • “In an email conversation with Bleeping Computer, Laiho reveals that because of certain defaults in Windows 10 configurations, computers might be forced to perform an update, even if a user is not present, or has logged on for a long period of time.”
  • “At some point, every computer that is not managed by WSUS/SCCM or such will force the installation of a new version of Windows. Microsoft has decided that these will be forced by default.”
  • “Laiho recommends that users not leave their computers unattended during a Windows 10 update and that users remain on Windows 10 LTSB (Long Time Servicing Branch) versions for the time being.”
  • “The LTSB-version of Windows 10 is not affected by this as it doesn’t automatically do upgrades”
  • “Furthermore, Laiho says that Windows SCCM (System Center Configuration Manager) can block access to the command-line interface during update procedures if users add a file named DisableCMDRequest.tag to the %windir%\Setup\Scripts\ folder.”
  • The police could use this on seized laptops: keep the machine offline until the next “feature update”, then pop a command prompt during the installation and have unrestricted access to the encrypted disk.

Feedback:


Round Up:


How We Got Started With Linux | LAS 381 https://original.jupiterbroadcasting.net/87321/how-we-got-started-with-linux-las-381/ Sun, 06 Sep 2015 07:53:10 +0000 https://original.jupiterbroadcasting.net/?p=87321 We finally share our getting started with Linux stories. And it turns out, it was nearly a freak happenstance for both of us & some great stories from our community. Plus the Safe Wifi campaign you need to know about, we discuss the new elementaryOS, an update on the Munich situation & more! Thanks to: […]

The post How We Got Started With Linux | LAS 381 first appeared on Jupiter Broadcasting.


Thanks to:


DigitalOcean


Ting


— Show Notes: —


Brought to you by: System76

We share how we got started with Linux

— PICKS —

Runs Linux

Killer Robot Runs Linux

Desktop App Pick

Bash Scanner – A fast way to scan your server for outdated software and potential exploits.

After an initial scan, you will be asked to create an account on the PatrolServer dashboard (which is totally optional, you are free to use the tool without an account). The benefit of creating a sustainable account is detailed reporting, together with documentation on how to secure your server.

Weekly Spotlight

Road Trip Playlist

Watch the adventures, productions, road trips, trails, mistakes, and fun of the Jupiter Broadcasting mobile studio.


— NEWS —

Save WiFi/Individual Comments

Right now, the FCC is considering a proposal to require manufacturers to lock down computing devices (routers, PCs, phones) to prevent modification if they have a “modular wireless radio”[1][2] or a device with an “electronic label”[3]. The rules would likely:

  • Restrict installation of alternative operating systems on your PC, like GNU/Linux, OpenBSD, FreeBSD, etc.
  • Prevent research into advanced wireless technologies, like mesh networking and bufferbloat fixes
  • Ban installation of custom firmware on your Android phone
  • Discourage the development of alternative free and open source WiFi firmware, like OpenWrt
  • Infringe upon the ability of amateur radio operators to create high powered mesh networks to assist emergency personnel in a disaster.
  • Prevent resellers from installing firmware on routers, such as for retail WiFi hotspots or VPNs, without agreeing to any condition a manufacturer so chooses.

  • Save WiFi: Act Now To Save WiFi From The FCC | Hackaday

The folks at ThinkPenguin, the EFF, FSF, Software Freedom Law Center, Software Freedom Conservancy, OpenWRT, LibreCMC, Qualcomm, and others have put together the SaveWiFi campaign.

Online comments end 09/08/2015.

Freya 0.3.1 is Here!

At the heart of this upgrade is the latest Hardware Enablement stack from Ubuntu 14.04.3. It includes version 3.19 of the Linux kernel and an updated Mesa that fixes the dreaded “double cursor” glitch. Workspaces in the Multitasking view also now work properly on Nvidia Optimus. The new hardware stack also brings better support for backlights and touchpads on certain laptops, a host of performance and power-related improvements, and support for 5th generation Intel processors. This release should also improve support for (U)EFI systems, especially when installing without an internet connection.

Munich Linux councillor: ‘We didn’t propose a switch back to Windows’

“There are several points of criticism concerning the notebooks of the councillors with very different reasons (not Linux in general). There are 80 councillors in the city. Their work and needs can’t be compared with the whole administration.”

Pfeiler denied that there was any kind of consensus towards a complete reverse migration, but rather suggests a retroactive fitting of Windows for certain specific purposes, adding that there was nothing to suggest that the Limux system was working anything other than well.

Feedback:

Mycroft Adds Linux Desktop Voice Controlled AI as Stretch Goal

  • Interoperable and Open
  • Optimized for the web
  • Scalable to any modern device at any bandwidth
  • Designed with a low computational footprint and optimized for hardware
  • Capable of consistent, highest quality, real-time video delivery; and
  • Flexible for both commercial and non-commercial content.

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com


Catch the show LIVE Friday:

A Chat with Red Hat | LAS 370 https://original.jupiterbroadcasting.net/84017/a-chat-with-red-hat-las-370/ Sun, 21 Jun 2015 07:19:35 +0000 https://original.jupiterbroadcasting.net/?p=84017 We visit with Red Hat at their home office & find out their long-term plans for CentOS, making Fedora more competitive & why they give away their biggest competitive advantage. It’s a special edition of the big show! Thanks to: Get Paid to Write for DigitalOcean Direct Download: HD Video | Mobile Video | WebM […]

The post A Chat with Red Hat | LAS 370 first appeared on Jupiter Broadcasting.


— Show Notes: —

The Linux Action Show Visits Red Hat


Red Hat, Inc. is an American multinational software company providing open-source software products to the enterprise community. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North Carolina, with satellite offices worldwide.

Our Red Hat Reps:

Red Hat’s stock hits 15-year high

The stock even briefly hit a high of $81.44, although it’s now trading at just above $79, still historically high. It hasn’t traded near $80 since the heady days of the internet bubble back in 2000, when it hit $135 and traded at over $100 for a couple of months.

But in 2015, the stock has been on a tear again, since the company has now delivered nine straight quarters of beats on both revenue and profits.



Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:
